Security and Privacy: Workstation Authentication and Records Retention Lori Driscoll Associate University Librarian and Chair of Access Services University of Florida Peter Murray Assistant to the Director for Technology Initiatives University of Connecticut Gordon Wishon CIO, Assoc. Vice President & Assoc. Provost University of Notre Dame Efforts to secure computers and networks and the development of corresponding policies and procedures that appropriately protect user privacy present difficult challenges for libraries and institutions of higher education. These policies are of increasing importance due to security concerns, legislation such as the USA PATRIOT Act, and the changing licensing requirements of software and database vendors. The Association of Research Libraries (ARL) recently published two reports examining patron privacy and authentication of public workstations. The study on patron privacy revealed a wide variety of retention guidelines and few specific privacy policies. Librarians in general were unaware of which records their institution retained and for what length of time and did not fully understand the technological issues related to purging data from computers. The second study showed that there is little consensus on how to handle authentication of public access workstations. Some libraries have policies independent of their institutions' IT security policies, while others defer to their institutions' policies. The same issues confound efforts to secure workstations in computer labs, classroom PCs, public kiosks, hardware that is loaned or shared among multiple users, and wireless network access. This briefing will explore the ARL reports and related campus challenges in light of the "Principles to Guide Efforts to Improve Computer and Network Security for Higher Education" developed by the EDUCAUSE/Internet2 Computer and Network Security Task Force in 2002. Web Links: http://www.arl.org/spec/SPEC278WebBook.pdf http://www.arl.org/spec/SPEC277WebBook.pdf http://www.educause.edu/security Handout: Security and Privacy: Workstation Authentication and Records Retention (DOC) Presentation: Security and Privacy: Workstation Authentication and Records Retention (PDF)